[Mimedefang] Fwd: Re: clamav vs clamd vs clamscan

Paul Murphy pjm at ousekjarr.org
Mon Oct 13 18:24:08 EDT 2014

"touch" should never work in the spool directory - clamd is reading
files and deciding whether they are infected, so it should never try to
create a file.  You have set the permissions to make the directory group
readable, not group writable, and this is correct.

You need to ensure that the spool directories are also created group
readable, so turn on "-d" to keep the temporary directories for a short
time so you can see that the permissions are correct.  Once you have a
few to test with, su to your clamav user, cd to the spool directory, and
run clamdscan on the INPUTMSG to ensure that the daemon can read it.

The odds are that your MD_ALLOW_GROUP_ACCESS is not taking effect, so
the working directories are not accessible by clamdscan.


-----Original Message-----
From: mimedefang-bounces at lists.roaringpenguin.com
[mailto:mimedefang-bounces at lists.roaringpenguin.com] On Behalf Of Cliff
Sent: 13 October 2014 23:01
To: mimedefang at lists.roaringpenguin.com
Subject: Re: [Mimedefang] Fwd: Re: clamav vs clamd vs clamscan

Did what you said and I can't touch a new temp file in
/var/spool/MIMEDefang ... permission denied ... but clamd appears to be
running as clamav

su -s /bin/bash clamav
bash-4.1$ cd /var/spool/MIMEDefang
bash-4.1$ ls -l
total 8
-rw-r----- 1 defang defang 5 Oct 13 16:50 mimedefang-multiplexor.pid
srwxrwx--- 1 defang defang 0 Oct 13 16:50 mimedefang-multiplexor.sock
-rw------- 1 defang defang 5 Oct 13 16:50 mimedefang.pid
srwxrwx--- 1 defang defang 0 Oct 13 16:50 mimedefang.sock
bash-4.1$ vi mimedefang.pid
bash-4.1$ touch temp
touch: cannot touch `temp': Permission denied
bash-4.1$ su root
[root@sendmail MIMEDefang]# ps aux | grep clamd
clamav    1652  0.0  3.5 518068 288956 ?       Ssl  16:50   0:00 
root      1838  0.0  0.0 103256   848 pts/2    S+   16:59   0:00 grep

On 10/13/2014 4:54 PM, Les Mikesell wrote:
> su -s /bin/bash clamav
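
The permission check described in the reply at the top of this message can be scripted. The following is an added example, not part of the original thread or of MIMEDefang itself; it assumes work directories named mdefang-* under the spool directory (kept with "-d"), each holding an INPUTMSG file, and it inspects group mode bits only.

```shell
#!/bin/sh
# Added example: audit the group permission bits clamd depends on.
# Assumed layout: $SPOOL/mdefang-*/INPUTMSG (work directories kept with "-d").

# group_bits PATH: print the three group permission characters, e.g. "r-x".
group_bits() {
    ls -ld "$1" | cut -c5-7
}

# dir_ok DIR: succeed if group members can list and enter DIR.
dir_ok() {
    case $(group_bits "$1") in
        r?[xs]) return 0 ;;
        *)      return 1 ;;
    esac
}

# file_ok FILE: succeed if group members can read FILE.
file_ok() {
    case $(group_bits "$1") in
        r??) return 0 ;;
        *)   return 1 ;;
    esac
}

# audit_spool SPOOL: report every work directory or INPUTMSG the group
# cannot read; exit status is 0 only when nothing failed.
audit_spool() {
    spool=$1
    fails=0
    dir_ok "$spool" || { echo "FAIL $spool ($(group_bits "$spool"))"; fails=$((fails + 1)); }
    for d in "$spool"/mdefang-*; do
        [ -d "$d" ] || continue
        if ! dir_ok "$d"; then
            echo "FAIL $d ($(group_bits "$d")): directory not group r-x"
            fails=$((fails + 1))
        elif [ -f "$d/INPUTMSG" ] && ! file_ok "$d/INPUTMSG"; then
            echo "FAIL $d/INPUTMSG ($(group_bits "$d/INPUTMSG")): not group readable"
            fails=$((fails + 1))
        else
            echo "OK   $d"
        fi
    done
    # Compare this group with the output of "id" for the scanning user.
    echo "group owner of $spool: $(ls -ld "$spool" | awk '{print $4}')"
    [ "$fails" -eq 0 ]
}

# Run only when a spool path is given, e.g.: sh audit.sh /var/spool/MIMEDefang
if [ "$#" -gt 0 ]; then audit_spool "$1"; fi
```

A FAIL line on a work directory is consistent with MD_ALLOW_GROUP_ACCESS not taking effect, as suggested in the reply.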